Oracle, Which Promised To Protect TikTok User Data From China, Helps Chinese Law Enforcement Snarf Through Lots Of Private Data
from the oh-look-at-that dept
As you'll recall, last summer there was a whole performative nonsense thing with then President Trump declaring TikTok to be a national security threat (just shortly after some kids on TikTok made him look silly by reserving a million tickets to a Trump rally they never intended to attend). Trump and his cronies insisted that TikTok owner ByteDance had to sell the US operations of TikTok to an American firm. The whole rationale about this was the claim -- unsupported by any direct evidence -- that TikTok was a privacy risk, because it was owned by a firm based in Beijing, and that firm likely had connections to the Chinese government (as do basically all large Chinese firms). But how was that privacy risk any worse than pretty much any other company? No one ever seemed to be able to say.
Eventually, after Trump blocked both Microsoft and Walmart from doing the deal, he "approved" a non-sale, but "hosting" deal with Oracle, whose founder/chair, Larry Ellison, and CEO, Safra Catz, were both big Trump supporters. It quickly came out that TikTok's investors deliberately went hunting for a company that they knew Trump liked, and that's why they asked Oracle.
But, part of the announcement of the "deal" was that Oracle would make sure that US TikTok users had their data protected, and that Oracle would keep that data outside the hands of the Chinese government. That seemed somewhat rich, considering that Oracle's initial rise to being a tech giant was built almost entirely on its close connections to the US government, and specifically the intelligence agencies. But it's become even more rich now that the Intercept reports that Oracle actually has a lucrative business helping repressive law enforcement in China do surveillance work. The long story is absolutely full of totally shocking -- but somehow not surprising -- details. It starts off by noting that Oracle hosted a presentation on its own website, literally describing how it helped police in Liaoning province better sort through all of the surveillance data they collected:
Police in China's Liaoning province were sitting on mounds of data collected through invasive means: financial records, travel information, vehicle registrations, social media, and surveillance camera footage. To make sense of it all, they needed sophisticated analytic software. Enter American business computing giant Oracle, whose products could find relevant data in the police department’s disparate feeds and merge it with information from ongoing investigations.
So explained a China-based Oracle engineer at a developer conference at the company’s California headquarters in 2018. Slides from the presentation, hosted on Oracle’s website, begin with a “case outline” listing four Oracle “product[s] used” by Liaoning police to “do criminal analysis and prediction.” One slide shows Oracle software enabling Liaoning police to create network graphs based on hotel registrations and track down anyone who might be linked to a given suspect. Another shows the software being used to build a police dashboard and create “security case heat map[s].” Apparent pictures of the software interface show a blurred face and various Chinese names. The concluding slide states that the software helped police, whose datasets had been “incomprehensible,” more easily “trace the key people/objects/events” and “identify potential suspect[s]” — which in China often means dissidents.
And, yes, if you're wondering, apparently Oracle is helping police in Xingjiang, where there has been ongoing genocide happening against Uyghur Muslims.
In marketing materials, Oracle said that its software could help police leverage information from online comments, investigation records, hotel registrations, license plate information, DNA databases, and images for facial recognition. Oracle presentations even suggested that police could use its products to combine social media activity with dedicated Chinese government databases tracking drug users and people in the entertainment industry, a group that includes sex workers. Oracle employees also promoted company technology for China’s “Police Cloud,” a big data platform implemented as part of the emerging surveillance state.
Several Oracle materials imply that the company has gone substantially further than marketing to Chinese police, which operate as part of the country’s Ministry of Public Security: One presentation detailing Oracle’s database and data security products contains a slide titled “Oracle and the national defense industry.” That title is followed by a list of multiple Chinese military entities, including the People’s Liberation Army, China National Nuclear Corporation, and China Aerospace Science and Technology Corporation. Defense entities are also the apparent target for two additional Oracle Chinese-language presentations, the most recent of which is dated 2015, and for events called the “People’s Armed Police Force–Oracle Cloud Computing Exchange Forum” and the “Oracle Xi’an Aviation and National Defense Industry Informatization Seminar” listed in Chinese on Oracle’s site.
Yikes.
So the whole blasted pitch about taking control over TikTok was about keeping the data away from the Chinese, while at the very same time, the same company is helping Chinese law enforcement scan through tons of surveillance data to better suppress its people?
If you're wondering how Oracle responded to the report, it had a spokesperson claim that the examples in these documents were "theoretical" pitch decks to show how the technology could be used, not how they were being used. But as the article notes, that appears to not be true, and the presentation makes it clear that it's talking about an actual case study, and even points out that the police supplied their own data, which they then analyzed with Oracle's technology.
The article is quite long, but turns up a shocking number of smoking guns:
Some of the Chinese-language presentations on Oracle’s site are labeled “CONFIDENTIAL,” despite being publicly available. It is easy to see why someone might have wanted to keep them hidden. Taken together, they show an extreme willingness to aid in the construction of the surveillance state. One Chinese-language presentation, for example, promotes “Oracle’s recommendation: a more complete platform to meet the needs of public security big data processing.”
[....]
Another pitch depicts a broad array of sensitive citizen data being converted into ones and zeros, including DNA, mental illness records, and other medical information. Still other documents from China boast that Oracle technology can help police trawl internet activity to “analyze potential suspected criminal behavior among hundreds of millions of netizens,” capture license plate data from “tens of thousands of cameras,” and analyze call records to build out criminal networks, then link them to fingerprint and facial recognition images.
Of course, it's not clear if the Oracle TikTok deal will ever happen. It seems that no one was much interested in it beyond the headlines, and the Biden administration doesn't seem keen on enforcing the executive order that created the need for Oracle to step in. And, honestly, after reading this report, perhaps that's much better for the privacy of Americans using TikTok.
Filed Under: china, law enforcement, police, privacy
Companies: bytedance, oracle, tiktok